By analyzing those differences, Christmas tree packets can be used as a method of TCP/IP stack fingerprinting, exposing the underlying nature of a TCP/IP stack by sending the packets and then awaiting and analyzing the responses.
When used as part of scanning a system, the TCP header of a Christmas tree packet has the flags FIN, URG and PSH set.
[1] Many operating systems implement their compliance with the Internet Protocol standards[2][3] in varying or incomplete ways.
Versions of Microsoft Windows, BSD/OS, HP-UX, Cisco IOS, MVS, and IRIX display behaviors that differ from the RFC standard when queried with said packets.
Christmas tree packets can be easily detected by intrusion-detection systems or more advanced firewalls.